Enable the adaptive firewall in OS X Server

Oct 11, '12 07:30:00AM

Contributed by: kirkmc

Apple recently published a technical note explaining how to enable the adaptive firewall in OS X Server. This is a type of firewall that automatically creates temporary rules according to certain events. For example, a number of failed login attempts will cause the adaptive firewall to create a temporary rule to block the IP address attempting to log in.

To do this, run the following commands as an administrative user:

sudo pfctl -f /etc/pf.conf
sudo /Applications/Server.app/Contents/ServerRoot/usr/sbin/serverctl enable service=com.apple.afctl
sudo /Applications/Server.app/Contents/ServerRoot/usr/libexec/afctl -f

Then, edit /System/Library/LaunchDaemons/com.apple.pfctl.plist so that launchd starts pf with the -e (enable) flag, using the following commands (the chmod and plutil steps restore the file's permissions and XML format after defaults rewrites it):

sudo defaults write /System/Library/LaunchDaemons/com.apple.pfctl ProgramArguments '(pfctl, -f, /etc/pf.conf, -e)'
sudo chmod 644 /System/Library/LaunchDaemons/com.apple.pfctl.plist
sudo plutil -convert xml1 /System/Library/LaunchDaemons/com.apple.pfctl.plist

Another technical note explains how to resolve an issue where packet rules do not load.

For more information, see man afctl and this post on the techorganic blog.
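As an added illustration (not from Apple's note or this hint), the following POSIX shell script emulates the adaptive firewall's logic on constructed sshd log lines: it counts "Failed password" events per source address, and renders the addresses that reach an assumed threshold as a pf table with a block rule. The rule text is only illustrative of the kind of temporary rule the adaptive firewall adds; it is not afctl's own rule format, and the sample log and threshold are assumptions.

```shell
#!/bin/sh
# Constructed sample log lines (not captured from a real server).
SAMPLE_LOG='Oct 11 07:30:01 server sshd[101]: Failed password for root from 203.0.113.5 port 51234 ssh2
Oct 11 07:30:03 server sshd[102]: Failed password for invalid user admin from 203.0.113.5 port 51240 ssh2
Oct 11 07:30:04 server sshd[103]: Accepted publickey for deploy from 198.51.100.7 port 40000 ssh2
Oct 11 07:30:05 server sshd[104]: Failed password for root from 192.0.2.9 port 60001 ssh2
Oct 11 07:30:06 server sshd[105]: Failed password for root from 203.0.113.5 port 51250 ssh2
Oct 11 07:30:07 server sshd[106]: Failed password for guest from 192.0.2.9 port 60002 ssh2
Oct 11 07:30:08 server sshd[107]: Failed password for root from 198.51.100.7 port 40010 ssh2'

# failed_login_offenders LOGTEXT THRESHOLD
# Prints, one per line and sorted, every source IP that appears in at least
# THRESHOLD "Failed password" lines of LOGTEXT. This is the counting step the
# adaptive firewall performs before it adds a temporary block rule.
failed_login_offenders() {
  printf '%s\n' "$1" | awk -v threshold="$2" '
    /Failed password for/ {
      # The source address is the token that follows "from".
      for (i = 1; i <= NF; i++) if ($i == "from") count[$(i + 1)]++
    }
    END { for (ip in count) if (count[ip] >= threshold) print ip }
  ' | sort
}

# pf_block_rules OFFENDERS
# Renders a pf table holding the newline-separated OFFENDERS and a rule that
# blocks inbound traffic from them (illustrative pf syntax, assumed table name).
pf_block_rules() {
  list=$(printf '%s' "$1" | tr '\n' ',' | sed 's/,$//; s/,/, /g')
  printf 'table <brute_force> { %s }\nblock in quick from <brute_force> to any\n' "$list"
}

# Example run: addresses with three or more failures in the sample log.
pf_block_rules "$(failed_login_offenders "$SAMPLE_LOG" 3)"
```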


Mac OS X Hints
http://hints.macworld.com/article.php?story=20121011004626997